
Russia’s cyberwarriors

Russian attempts to “hack” the US election have caused widespread concern. What exactly did they do, and what are the implications?

Has the US been hacked before?

Many times. In 2014, Russian hackers targeted the State Department and the White House – even hacking into President Obama’s unclassified emails. But the first big attack – traced back to somewhere in the former Soviet Union – was detected in 1998, when it emerged that computer systems at the Pentagon, Nasa and various private labs and universities had been compromised for more than two years. Vast numbers of files had been acquired – including details of troop configurations and military hardware designs. Chinese hackers also made audacious attacks, stealing the designs for the F-35 fighter jet, along with billions of dollars’ worth of corporate secrets and the blueprints for US gas pipelines. Another breach, in which as many as four million US government personnel records were stolen, has also been traced to China.

So why such a fuss about last year’s attacks?

All major powers are involved in digital espionage, but publishing sensitive information in order to disrupt a major foreign election is a new development. This time hackers broke into the computers of the Democratic National Committee (DNC) and the email accounts of Hillary Clinton’s top aides. The documents were embarrassing if not especially revelatory: they uncovered details of back-biting among staffers, and of Clinton’s close links to Wall Street; they showed that the Democratic Party top brass favoured Clinton over her opponent Bernie Sanders. These titbits were leaked to the media in the last months of the election campaign, say US intelligence agencies, specifically to “denigrate” Clinton.

How did the hackers get in?

Initially by “spear phishing”. Clinton and DNC staff received emails that appeared to come from their email providers, warning that someone had tried to break into their account, asking them to change their password, and directing them to a fake website that resembled their email provider’s login page. Once they typed their passwords into it, the hackers had the credentials to log into the real accounts. John Podesta, Clinton’s campaign chief, had been sent a warning by an aide about the phishing email, but the aide had in error described it as “legitimate” rather than, as intended, “illegitimate”. So the Russians got hold of some 60,000 emails from Podesta’s private Gmail account. To get inside the DNC’s own computer networks the hackers also exploited software vulnerabilities, planting malware that spread through the systems, harvested data and sent it back to the attackers.
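The lure described above, as an added example that is not from the article: a small Python triage script that pulls the links out of a constructed password-reset email and flags any whose host is not under a trusted provider domain, with the suffix check done on whole DNS labels so that a lookalike such as accounts.google.com.<attacker-domain> is caught rather than waved through by a substring match. The trusted-domain list, the lure phrases and the sample email are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample lure (not a real message): the body claims a break-in attempt,
# the "change password" link points at a lookalike host, and a second link really
# does go to the provider.
SAMPLE_EMAIL_HTML = """
<p>Someone just used your password to try to sign in to your account.</p>
<p>You should change your password immediately.</p>
<p><a href="https://accounts.google.com.security-check.example/reset?u=jp">
CHANGE PASSWORD</a></p>
<p>Or go to <a href="https://accounts.google.com/signin">accounts.google.com</a>.</p>
"""

# Assumed allow-list of the provider's real domains (an assumption for this example).
TRUSTED_DOMAINS = {"google.com"}

# Assumed wording typical of credential lures (an assumption for this example).
LURE_PHRASES = ("used your password", "sign-in attempt", "change your password",
                "verify your account", "suspended")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(" ".join(self._text).split())))
            self._href = None


def host_of(url):
    """Lower-cased host name of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").rstrip(".")


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    # Compare whole DNS labels: 'accounts.google.com' is under 'google.com', but
    # 'accounts.google.com.security-check.example' and 'notgoogle.com' are not.
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify_links(html, trusted=TRUSTED_DOMAINS):
    """Return one finding per link with the reasons it looks like a credential lure."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        reasons = []
        if urlsplit(href).scheme.lower() != "https":
            reasons.append("not https")
        if not host_is_trusted(host, trusted):
            reasons.append("host is outside the trusted provider domains")
            # Visible text that names a trusted domain while the href goes elsewhere
            if any(d in text.lower() for d in trusted):
                reasons.append("link text impersonates a trusted domain")
        findings.append({"href": href, "host": host, "text": text, "reasons": reasons})
    return findings


def triage(html, trusted=TRUSTED_DOMAINS):
    """Verdict: a lure phrase plus at least one untrusted link is treated as phishing."""
    findings = classify_links(html, trusted)
    body = " ".join(html.split()).lower()
    lure_hits = [p for p in LURE_PHRASES if p in body]
    bad_links = [f for f in findings if f["reasons"]]
    return {
        "phishing": bool(lure_hits) and bool(bad_links),
        "lure_phrases": lure_hits,
        "bad_links": bad_links,
    }


if __name__ == "__main__":
    verdict = triage(SAMPLE_EMAIL_HTML)
    print("phishing:", verdict["phishing"])
    for f in verdict["bad_links"]:
        print(f["host"], "->", "; ".join(f["reasons"]))
```

The label-wise suffix check is the part worth copying: a naive `"google.com" in host` test would accept the lookalike host in the sample, which is exactly the trick a resembling fake site relies on.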

Was it definitely the Russians?

Having analysed the intruders’ digital tradecraft, all US intelligence agencies and the leading cybersecurity firms believe it was. CrowdStrike, which investigated the DNC’s network, detected “two separate Russian intelligence-affiliated adversaries” – neither of them, it seemed, aware of the other’s presence – which it dubbed Fancy Bear and Cozy Bear (“Bear” is CrowdStrike’s label for Russian groups; “Fancy” and “Cozy” are taken from the names of malware each group uses). Fancy Bear is also known as APT 28, “advanced persistent threat” being industry shorthand for a sophisticated, usually state-sponsored hacking group that stays inside its targets’ networks for long periods. Probably directed by the GRU (Russian military intelligence), it has also attacked Nato, Ukraine’s government, the World Anti-Doping Agency and the Dutch Safety Board investigating the downing of flight MH17 over Ukraine. Cozy Bear, aka APT 29, has been linked to the FSB, a successor to Russia’s KGB.

What else have they done?

In 2007, Russian hackers launched a crippling cyberattack on Estonia, after it removed a Soviet war memorial in the capital, Tallinn – disabling the websites of its parliament, ministries, banks and media organisations. During the Ukrainian conflict, hackers brought down parts of Ukraine’s power grid. In 2015, a months-long intrusion into the German parliament’s network was blamed on Fancy Bear, as was an attack that year on the French TV network TV5Monde, when all 11 channels were taken off air and Isis propaganda broadcast in their stead. (Isis clearly lacked the skills to do this.) According to The Sunday Times, Fancy Bear also planned to attack the BBC and government websites during the 2015 election. However, GCHQ seems to have learned of the attack and prevented it.

And who are the people actually doing the hacking?

Partly as a result of the demanding maths curriculum in its better schools, Russia has a huge pool of able programmers, and the world’s largest cybercrime underworld. The Kremlin taps both for its hacking units – in 2013, Defence Minister Sergei Shoigu told university rectors in Moscow he was on a “head hunt” for coders. Students wanting to avoid the worst of conscription can join “science squadrons”; professional programmers are approached by military contractors with offers it might be unwise to refuse; convicted cybercriminals are offered jobs instead of prison terms.

Beyond expelling spies, how could America respond?

The US is assumed to have the world’s greatest cyber capability and could unleash powerful cyberweapons (see box). A hacking unit linked to the National Security Agency, the Equation Group, has been described by cybersecurity firm Kaspersky Lab as “the most advanced… we have seen”. And US officials have reportedly been planning an “unprecedented cyber covert action against Russia”, which could involve leaking unsavoury details about Vladimir Putin and his vast fortune. But even low-level cyberwarfare carries a big risk: the US, and its allies such as Britain, South Korea and Estonia, are the most heavily networked nations in the world, and thus the most vulnerable to chaos. Moreover, the US is said to be wary of cyber counterattacks as they reveal the extent of its own cyber penetration to the adversary. In the end, negotiation is probably the preferred route. The US negotiated with China (as well as indicting five Chinese military hackers) after the attacks in 2014. Since then, Chinese hacking has dropped off significantly.

Stuxnet: waging cyberwar

In 2010, top cybersecurity experts were alarmed by the discovery of a worm – a self-replicating piece of malware – more sophisticated than any they’d seen before. It was working its way stealthily through Windows computers across the world, and thence, via Siemens’ control-system software, into programmable logic controllers (PLCs) made by Siemens – the small industrial computers which regulate the movement of machinery in everything from power plants and traffic lights to funfair rides. The worm, named Stuxnet, was found to be a “marksman’s job” aimed at a very specific target: the Natanz nuclear enrichment plant in Iran, where it had caused the PLCs to drive a large number of uranium-enrichment centrifuges to destruction while reporting normal readings to their operators.

The general consensus now is that Stuxnet was a coproduction between two major cyber powers, the US and Israel – though this has never been officially confirmed. It did the job in the short term, but its cost-benefit ratio, says Wired magazine, is “still in question”. Though cleverly targeted, Stuxnet spread far beyond its mark, and was soon available on hacking sites for anyone with malicious intent to download and tweak. In the wrong hands, such a weapon could be devastating, disrupting, say, train control or water treatment systems across the world.
